/crypto/heimdal/kadmin/mod.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 263 lines · 199 code · 32 blank · 32 comment · 45 complexity · 3013d2f36c60591992d978059599aeae MD5 · raw file

  1. /*
  2. * Copyright (c) 1997 - 2006 Kungliga Tekniska Hรถgskolan
  3. * (Royal Institute of Technology, Stockholm, Sweden).
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions
  8. * are met:
  9. *
  10. * 1. Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. *
  13. * 2. Redistributions in binary form must reproduce the above copyright
  14. * notice, this list of conditions and the following disclaimer in the
  15. * documentation and/or other materials provided with the distribution.
  16. *
  17. * 3. Neither the name of the Institute nor the names of its contributors
  18. * may be used to endorse or promote products derived from this software
  19. * without specific prior written permission.
  20. *
  21. * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24. * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31. * SUCH DAMAGE.
  32. */
  33. #include "kadmin_locl.h"
  34. #include "kadmin-commands.h"
  35. static void
  36. add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
  37. {
  38. krb5_tl_data *tl, **ptl;
  39. tl = ecalloc(1, sizeof(*tl));
  40. tl->tl_data_next = NULL;
  41. tl->tl_data_type = KRB5_TL_EXTENSION;
  42. tl->tl_data_length = data->length;
  43. tl->tl_data_contents = data->data;
  44. princ->n_tl_data++;
  45. ptl = &princ->tl_data;
  46. while (*ptl != NULL)
  47. ptl = &(*ptl)->tl_data_next;
  48. *ptl = tl;
  49. return;
  50. }
  51. static void
  52. add_constrained_delegation(krb5_context contextp,
  53. kadm5_principal_ent_rec *princ,
  54. struct getarg_strings *strings)
  55. {
  56. krb5_error_code ret;
  57. HDB_extension ext;
  58. krb5_data buf;
  59. size_t size = 0;
  60. memset(&ext, 0, sizeof(ext));
  61. ext.mandatory = FALSE;
  62. ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;
  63. if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
  64. ext.data.u.allowed_to_delegate_to.val = NULL;
  65. ext.data.u.allowed_to_delegate_to.len = 0;
  66. } else {
  67. krb5_principal p;
  68. int i;
  69. ext.data.u.allowed_to_delegate_to.val =
  70. calloc(strings->num_strings,
  71. sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
  72. ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
  73. for (i = 0; i < strings->num_strings; i++) {
  74. ret = krb5_parse_name(contextp, strings->strings[i], &p);
  75. if (ret)
  76. abort();
  77. ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
  78. if (ret)
  79. abort();
  80. krb5_free_principal(contextp, p);
  81. }
  82. }
  83. ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
  84. &ext, &size, ret);
  85. free_HDB_extension(&ext);
  86. if (ret)
  87. abort();
  88. if (buf.length != size)
  89. abort();
  90. add_tl(princ, KRB5_TL_EXTENSION, &buf);
  91. }
  92. static void
  93. add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
  94. struct getarg_strings *strings)
  95. {
  96. krb5_error_code ret;
  97. HDB_extension ext;
  98. krb5_data buf;
  99. krb5_principal p;
  100. size_t size = 0;
  101. int i;
  102. memset(&ext, 0, sizeof(ext));
  103. ext.mandatory = FALSE;
  104. ext.data.element = choice_HDB_extension_data_aliases;
  105. ext.data.u.aliases.case_insensitive = 0;
  106. if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
  107. ext.data.u.aliases.aliases.val = NULL;
  108. ext.data.u.aliases.aliases.len = 0;
  109. } else {
  110. ext.data.u.aliases.aliases.val =
  111. calloc(strings->num_strings,
  112. sizeof(ext.data.u.aliases.aliases.val[0]));
  113. ext.data.u.aliases.aliases.len = strings->num_strings;
  114. for (i = 0; i < strings->num_strings; i++) {
  115. ret = krb5_parse_name(contextp, strings->strings[i], &p);
  116. ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
  117. krb5_free_principal(contextp, p);
  118. }
  119. }
  120. ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
  121. &ext, &size, ret);
  122. free_HDB_extension(&ext);
  123. if (ret)
  124. abort();
  125. if (buf.length != size)
  126. abort();
  127. add_tl(princ, KRB5_TL_EXTENSION, &buf);
  128. }
  129. static void
  130. add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,
  131. struct getarg_strings *strings)
  132. {
  133. krb5_error_code ret;
  134. HDB_extension ext;
  135. krb5_data buf;
  136. size_t size = 0;
  137. int i;
  138. memset(&ext, 0, sizeof(ext));
  139. ext.mandatory = FALSE;
  140. ext.data.element = choice_HDB_extension_data_pkinit_acl;
  141. ext.data.u.aliases.case_insensitive = 0;
  142. if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
  143. ext.data.u.pkinit_acl.val = NULL;
  144. ext.data.u.pkinit_acl.len = 0;
  145. } else {
  146. ext.data.u.pkinit_acl.val =
  147. calloc(strings->num_strings,
  148. sizeof(ext.data.u.pkinit_acl.val[0]));
  149. ext.data.u.pkinit_acl.len = strings->num_strings;
  150. for (i = 0; i < strings->num_strings; i++) {
  151. ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
  152. }
  153. }
  154. ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
  155. &ext, &size, ret);
  156. free_HDB_extension(&ext);
  157. if (ret)
  158. abort();
  159. if (buf.length != size)
  160. abort();
  161. add_tl(princ, KRB5_TL_EXTENSION, &buf);
  162. }
  163. static int
  164. do_mod_entry(krb5_principal principal, void *data)
  165. {
  166. krb5_error_code ret;
  167. kadm5_principal_ent_rec princ;
  168. int mask = 0;
  169. struct modify_options *e = data;
  170. memset (&princ, 0, sizeof(princ));
  171. ret = kadm5_get_principal(kadm_handle, principal, &princ,
  172. KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
  173. KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
  174. KADM5_PRINC_EXPIRE_TIME |
  175. KADM5_PW_EXPIRATION);
  176. if(ret)
  177. return ret;
  178. if(e->max_ticket_life_string ||
  179. e->max_renewable_life_string ||
  180. e->expiration_time_string ||
  181. e->pw_expiration_time_string ||
  182. e->attributes_string ||
  183. e->kvno_integer != -1 ||
  184. e->constrained_delegation_strings.num_strings ||
  185. e->alias_strings.num_strings ||
  186. e->pkinit_acl_strings.num_strings) {
  187. ret = set_entry(context, &princ, &mask,
  188. e->max_ticket_life_string,
  189. e->max_renewable_life_string,
  190. e->expiration_time_string,
  191. e->pw_expiration_time_string,
  192. e->attributes_string);
  193. if(e->kvno_integer != -1) {
  194. princ.kvno = e->kvno_integer;
  195. mask |= KADM5_KVNO;
  196. }
  197. if (e->constrained_delegation_strings.num_strings) {
  198. add_constrained_delegation(context, &princ,
  199. &e->constrained_delegation_strings);
  200. mask |= KADM5_TL_DATA;
  201. }
  202. if (e->alias_strings.num_strings) {
  203. add_aliases(context, &princ, &e->alias_strings);
  204. mask |= KADM5_TL_DATA;
  205. }
  206. if (e->pkinit_acl_strings.num_strings) {
  207. add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
  208. mask |= KADM5_TL_DATA;
  209. }
  210. } else
  211. ret = edit_entry(&princ, &mask, NULL, 0);
  212. if(ret == 0) {
  213. ret = kadm5_modify_principal(kadm_handle, &princ, mask);
  214. if(ret)
  215. krb5_warn(context, ret, "kadm5_modify_principal");
  216. }
  217. kadm5_free_principal_ent(kadm_handle, &princ);
  218. return ret;
  219. }
  220. int
  221. mod_entry(struct modify_options *opt, int argc, char **argv)
  222. {
  223. krb5_error_code ret = 0;
  224. int i;
  225. for(i = 0; i < argc; i++) {
  226. ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
  227. if (ret)
  228. break;
  229. }
  230. return ret != 0;
  231. }